两个字段之间的基巴班时差 [英] Kibana time delta between two fields

问题描述

我有两个字段作为保存在我们的ELK集群中的日志消息的一部分：

 EventTime：2015- 07-28 17:03:20，
EventReceivedTime：2015-07-28 17:03:22
  

有没有办法在每个日志消息中得到这个字段（在这种情况下为2秒）之间的时差，并通过Kibana3显示？

如果不可能，直接的弹性搜索查询也会起作用。

提前感谢

解决方案

是的，我只是使用脚本字段在Kibana中使用一些测试数据。在Kibana中，转到设置，点击左上角的索引模式。

您应该会看到2个选项卡Fields和Scripted fields。 >

点击脚本字段选项卡。然后添加脚本字段。

输入名称，并在脚本字段中输入类似

doc ['EventReceivedTime']。value - doc ['EventTime']。value

点击底部的创建字段。现在，您应该会在Discover中看到新的脚本字段，并可以在可视化中使用它。
我的时间戳是以毫秒为单位，我的delta_time是毫秒。

I have two fields as part of a log message saved in our ELK cluster:

"EventTime": "2015-07-28 17:03:20",
"EventReceivedTime": "2015-07-28 17:03:22"

Is there a way to get the time difference between this fields (in this case 2 sec.) in each log message and display it trough Kibana3?

If its not possible a direct elasticsearch query would also work.

Thanks in advance!

解决方案

Yes, I just did it with some test data in Kibana using a scripted field. In Kibana, go to Settings, click on your index pattern in the upper left corner.

You should see 2 tabs "Fields" and "Scripted fields".

Click on the "Scripted fields" tab. Then "Add scripted field".

Enter a "Name" and in the Script field enter something like

doc['EventReceivedTime'].value - doc['EventTime'].value

Click "Create Field" at the bottom. Now you should see that new scripted field in Discover and can use it in visualizations. My timestamps were in milliseconds and my delta_time was in milliseconds.

这篇关于两个字段之间的基巴班时差的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！